The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
Advisories
Source | ID | Title
EUVD | EUVD-2023-59253 | The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
Fixes

Solution

Siemens has released new versions for the affected products and recommends updating to the latest versions:

* Teamcenter Visualization V14.1: Update to V14.1.0.14 or later version https://support.sw.siemens.com/
* Teamcenter Visualization V14.2: Update to V14.2.0.10 or later version https://support.sw.siemens.com/
* JT2Go: Update to V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/
* Teamcenter Visualization V14.3: Update to V14.3.0.8 or later version https://support.sw.siemens.com/
* Teamcenter Visualization V2312: Update to V2312.0002 or later version https://support.sw.siemens.com/

For more information see the associated Siemens security advisory SSA-722010.


Workaround

To reduce risk, Siemens recommends users not open untrusted PDF files in affected applications.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals. Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage: https://www.siemens.com/industrialsecurity

For more information see the associated Siemens security advisory SSA-722010.

History

Wed, 14 Aug 2024 14:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Siemens; Siemens jt2go; Siemens teamcenter Visualization
CPEs | | cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*; cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
Vendors & Products | | Siemens; Siemens jt2go; Siemens teamcenter Visualization
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 Aug 2024 22:00:00 +0000

Type | Values Removed | Values Added
Description | | The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
Title | | Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read
Weaknesses | | CWE-125
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0 {'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-08-27T20:42:53.230Z

Reserved: 2023-12-21T19:40:53.933Z

Link: CVE-2023-7066

Vulnrichment

Updated: 2024-08-14T14:02:31.105Z

NVD

Status: Awaiting Analysis

Published: 2024-08-12T22:15:08.770

Modified: 2024-08-13T12:58:25.437

Link: CVE-2023-7066

Redhat

No data.

OpenCVE Enrichment

No data.